🚀 Feature: Dynamic state in OAuth2

[gepd]

🔖 Feature description

Would great to have an option to work with dynamic state in OAuth2

🎤 Pitch

In my case my provider has a requirement to have a dynamic state to use its oauth2 authentication (its a private one).

Stateless have the benefit to avoid to re-type your credentials again. But when you have sensitive data, if you close your session is essential to identificate the user again.

Currently if you close your session and log in again the session will be create again without ask for any credentials

Talking with Steven: https://discord.com/channels/564160730845151244/1105607724575768607 we agree the hard part is to maintain the state and validate it

I open this issue to discuss about it

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

[stnguyen90]

@gepd, thanks for creating this issue! 🙏🏼

In my case my provider has a requirement to have a dynamic state to use its oauth2 authentication (its a private one).

What you're describing isn't specific to your provider. This is a standard part of OAuth2. See this. This is something that would be nice to have in Appwrite.

Currently if you close your session and log in again the session will be create again without ask for any credentials

This is expected because the user still has a session with the OAuth2 provider and the user has already granted Appwrite access to the account. Some providers allow passing some additional parameters to tweak the behavior. For example, prompt=login or prompt=select_account.

[joeyouss]

Hi @gepd - if no further help is needed, can you please close the issue?